Troubleshooting Guide
Page 8
...with the best possible support. When you contact Technical Support, we ask that you provide your GRANT ID and the serial number of the McAfee Network Security Sensor (Sensor) software you have any physical changes made to 5:00 P.M. This was provided to ...or Platinum service contracts. In addition, customers can also resolve technical issues with Technical Support. to the environment recently viii McAfee® Network Security Platform 6.0 Preface Special Topics Guide-Sensor High Availability Special Topics Guide-Virtualization Special Topics Guide-...
...with the best possible support. When you contact Technical Support, we ask that you provide your GRANT ID and the serial number of the McAfee Network Security Sensor (Sensor) software you have any physical changes made to 5:00 P.M. This was provided to ...or Platinum service contracts. In addition, customers can also resolve technical issues with Technical Support. to the environment recently viii McAfee® Network Security Platform 6.0 Preface Special Topics Guide-Sensor High Availability Special Topics Guide-Virtualization Special Topics Guide-...
Troubleshooting Guide
Page 35
...health information. 26 open line fail-close, tap or spa gig/auto (sets intfport speed set intfport id 4B auto Gbps or auto negotiate) Example 2 You can execute this command with multiple parameters. Note: This setting... 7 protocol parsing and attack detection status on datapaths. Enables or disables IP fragment reassembly processing on datapaths. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) set l3 Description Enables or disables the layer 3 packet processing on datapaths. Displays reconnaissance...
...health information. 26 open line fail-close, tap or spa gig/auto (sets intfport speed set intfport id 4B auto Gbps or auto negotiate) Example 2 You can execute this command with multiple parameters. Note: This setting... 7 protocol parsing and attack detection status on datapaths. Enables or disables IP fragment reassembly processing on datapaths. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) set l3 Description Enables or disables the layer 3 packet processing on datapaths. Displays reconnaissance...
Troubleshooting Guide
Page 36
...61623; ICMP dropped checksum error. 27 show statistics udp show attackcount Displays the TCP statistics of a datapath for an ID range. It includes the following information. Displays the alert statistics (signature alerts, reconnaissance alerts and ACL logs) that... Total TCP in timewait Total active UDP flows Total flows in a datapath. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) show saved alerts Description Displays the total number and size of attacks detected in SYN state...
...61623; ICMP dropped checksum error. 27 show statistics udp show attackcount Displays the TCP statistics of a datapath for an ID range. It includes the following information. Displays the alert statistics (signature alerts, reconnaissance alerts and ACL logs) that... Total TCP in timewait Total active UDP flows Total flows in a datapath. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) show saved alerts Description Displays the total number and size of attacks detected in SYN state...
Troubleshooting Guide
Page 37
... Number of flows dropped for entering into the debug mode. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) show statistics ipfrag show aidlog status Displays the status of the attack ID logging. 28 It includes the following sequence of actions: 1 Configures ... path. perf clearactiveflows set loglevel Available parameters: Assigns the log level for a specific attack ID enable/disable/attack ID show datapath processunits Description Displays the IP fragment statistics in the DoS processor.
... Number of flows dropped for entering into the debug mode. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) show statistics ipfrag show aidlog status Displays the status of the attack ID logging. 28 It includes the following sequence of actions: 1 Configures ... path. perf clearactiveflows set loglevel Available parameters: Assigns the log level for a specific attack ID enable/disable/attack ID show datapath processunits Description Displays the IP fragment statistics in the DoS processor.
Troubleshooting Guide
Page 38
... on both the Manager and the Sensor. 29 McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) set aidlog Available parameters: off enable disable where is the attack ID. Configures the Layer2 forwarding to 4095 are enabled for a specific attack ID. Loss of VLAN IDs on specific interfaces available on the Sensor for...
... on both the Manager and the Sensor. 29 McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Debug command name/Parameter(s) set aidlog Available parameters: off enable disable where is the attack ID. Configures the Layer2 forwarding to 4095 are enabled for a specific attack ID. Loss of VLAN IDs on specific interfaces available on the Sensor for...
Troubleshooting Guide
Page 44
... the exact meanings of different types of alerts so that appropriate response can define a customized policy in the mind of any IDS/IPS devices, it's very important to the user. for running these events are obviously not applicable to which are rare. In... of interest for the few , creating attack filters to the extreme and create files with path names more than 1024 characters. McAfee® Network Security Platform 6.0 Determining False Positives Take steps to reduce false positives and noise from overly aggressive signature design, special characteristics of ...
... the exact meanings of different types of alerts so that appropriate response can define a customized policy in the mind of any IDS/IPS devices, it's very important to the user. for running these events are obviously not applicable to which are rare. In... of interest for the few , creating attack filters to the extreme and create files with path names more than 1024 characters. McAfee® Network Security Platform 6.0 Determining False Positives Take steps to reduce false positives and noise from overly aggressive signature design, special characteristics of ...
Troubleshooting Guide
Page 70
... likely due to unavailability of Warning. This is successful. Disabled scheduled Warning Report Template Warning Failed to backup IDS Policy Warning Report Generation has failed for Schedule Report Template due to the Sensor being unavailable, or down. ...failed Severity Warning Description/Cause The Manager's attempt to backup Policy. Policy. Please contact technical support or local reseller. McAfee® Network Security Platform 6.0 System Fault Messages Warning faults The faults listed in the following table have a severity of resource(s) in Report ...
... likely due to unavailability of Warning. This is successful. Disabled scheduled Warning Report Template Warning Failed to backup IDS Policy Warning Report Generation has failed for Schedule Report Template due to the Sensor being unavailable, or down. ...failed Severity Warning Description/Cause The Manager's attempt to backup Policy. Policy. Please contact technical support or local reseller. McAfee® Network Security Platform 6.0 System Fault Messages Warning faults The faults listed in the following table have a severity of resource(s) in Report ...
Troubleshooting Guide
Page 76
... Informational Database backup successfully completed Database tuning in progress Informational Informational Database tuning successful Informational Deleted Network Security Informational Central Manager Attack filter is applied on resources Informational Deleted Central Manager Remove the reference policy...activity such as an archive or restore until the backup process successfully completes. No action required. McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Database backup is in progress....
... Informational Database backup successfully completed Database tuning in progress Informational Informational Database tuning successful Informational Deleted Network Security Informational Central Manager Attack filter is applied on resources Informational Deleted Central Manager Remove the reference policy...activity such as an archive or restore until the backup process successfully completes. No action required. McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Database backup is in progress....
Troubleshooting Guide
Page 86
...Description/Cause RADIUS server is up and running Action RADIUS server is up and running RADIUS Connection Failed Network failure, congestion at servers or RADIUS server not available Try after sometime, check IP address and ... No server available Configure at least one RADIUS server Server with login Id failed to User authenticate to RADIUS server on port due to server timeout/ network failure Added RADIUS server IP Address/Host , port enable Manager 77... valid host name /IP address The table lists the error messages displayed in McAfee® Network Security Manager (Manager).
...Description/Cause RADIUS server is up and running Action RADIUS server is up and running RADIUS Connection Failed Network failure, congestion at servers or RADIUS server not available Try after sometime, check IP address and ... No server available Configure at least one RADIUS server Server with login Id failed to User authenticate to RADIUS server on port due to server timeout/ network failure Added RADIUS server IP Address/Host , port enable Manager 77... valid host name /IP address The table lists the error messages displayed in McAfee® Network Security Manager (Manager).
Troubleshooting Guide
Page 87
McAfee® Network Security Platform 6.0 Error Messages Error Name Edit RADIUS server Delete RADIUS server Description/Cause IP Address/Host set port ,set Enabled Deleted LDAP Server IP Address/Host Error Name Server with login Id failed to authenticate to LDAP server on port due to server timeout/ network... be resolved as entered Invalid host name /IP address LDAP Connection Successful LDAP server is up and running LDAP Connection Failed Network failure, congestion at servers or LDAP server not available No LDAP server configured No server available Action Use a different IP...
McAfee® Network Security Platform 6.0 Error Messages Error Name Edit RADIUS server Delete RADIUS server Description/Cause IP Address/Host set port ,set Enabled Deleted LDAP Server IP Address/Host Error Name Server with login Id failed to authenticate to LDAP server on port due to server timeout/ network... be resolved as entered Invalid host name /IP address LDAP Connection Successful LDAP server is up and running LDAP Connection Failed Network failure, congestion at servers or LDAP server not available No LDAP server configured No server available Action Use a different IP...